[ISN] Linux Security Week - October 8th 2001

From: InfoSec News (isnat_private)
Date: Tue Oct 09 2001 - 04:25:58 PDT

  • Next message: InfoSec News: "[ISN] DoD 'Safecrackers' Help Safeguard Pentagon Documents"

    |  LinuxSecurity.com                            Weekly Newsletter     |
    |  October 8th, 2001                           Volume 2, Number 40n   |
    |                                                                     |
    |  Editorial Team:  Dave Wreski             daveat_private    |
    |                   Benjamin Thomas         benat_private     |
    Thank you for reading the LinuxSecurity.com weekly security newsletter.
    The purpose of this document is to provide our readers with a quick
    summary of each week's most relevant Linux security headlines.
    This week, perhaps the most interesting articles include "Analyzing your
    internet applications log files," "BSD security fundamentals," and "A
    Beginner's Introduction to Network Security."  Also this week, SANS
    released an updated security list.  The 'top 10' security list has now
    become 'top 20.'
    This week, the only vendor to release advisories was Conectiva.  The
    advisories are for mod_auth_pgsql and groff.  Webmasters, if you would
    like to have a dynamic Linux advisory feed on your website we encourage
    you to take advantage of our RDF file.
      * Don't Risk your network installing an insecure OS *
      EnGarde was designed from the ground up as a secure solution, starting
      with the principle of least privilege, and carrying it through every
      aspect of its implementation.
      * http://www.engardelinux.org 
    Take advantage of our Linux Security discussion list!  This mailing list
    is for general security-related questions and comments. To subscribe send
    an e-mail to security-discuss-requestat_private with "subscribe"
    as the subject.
    | Host Security News: | <<-----[ Articles This Week ]-------------
    * Linux system administration - A user's guide
    October 5th, 2001
    System administration is an area everyone has to deal with, at some point
    of their IT career or in personal affairs. Even the most computer
    illiterate people do it, aware of it or not. It is a necessity, a must you
    can say. For who else can be in touch with your desires and needs, and
    have the access to your system other than yourself?
    * BSD security fundamentals
    October 5th, 2001
    Subterrian.net has a copy of the presentation delivered by Sean Lewis at
    ToorCon 2001, held last weekend in San Diego, Calif. Lewis discusses BSD
    essential BSD security issues, working well as a primer for new and
    experienced users alike. Read all about encrypted communication,
    filesystem lockdowns, kernel securelevels, services, ftpd, Apache, and
    security auditing.
    * Analyzing your internet applications' log files
    October 2nd, 2001
    This article is the first in a series about using lire to analyze log
    files of internet server applications. This is not limited to one service,
    e.g. Apache, but is an integrated analyzer for many different services.
    Included are DNS, WWW and email. This article explains how to get started
    with lire. It discusses installation and configuration to generate
    | Network Security News: |
    * Information Warfare: When Intrusion Detection Isn't Enough
    October 5th, 2001
    September 11, 2001... that date will be engraved upon the memories of most
    Americans for many years to come. That is the date when Terrorists brought
    their battle to the U.S. soil. One week later, the Internet came under
    attack by the Nimda worm. Many claimed this was an act of Information
    * Companies Stress Network Security
    October 4th, 2001
    Corporations and government agencies have long viewed security of computer
    networks as an optional cost. No more.  In the era of cyberterrorism, it
    is critical.  "Network security used to be a necessary evil, but now it's
    a core value of companies," says CEO Peggy Weigle of Internet security
    firm Sanctum.
    * A Beginner's Introduction to Network Security
    October 3rd, 2001
    Lately, the word "security" has been tossed around a lot in the news, IRC
    channels and elsewhere in the community. It seems that there's no end to
    viruses and script kiddies out there just waiting to get through the
    security on your network and damage something, or use your network to help
    with the latest denial-of-service attack.
    * SANS Top 10 Security List Becomes Top 20
    October 2nd, 2001
    The FBI and the SANS Institute today released a list of the 20 top
    vulnerabilities of Internet-connected systems and urged companies to close
    dangerous holes while warning again of virulent cyberattacks to come
    * Full Disclosure: How Much Security Info Is Too Much?
    October 1st, 2001
    In publicizing the details of how a given security hole is exploited, are
    virus fighters simply providing aid and comfort to the enemy?  The debate
    over how much detail to release on software security gaps and when to go
    public with potentially sensitive security information has experts looking
    for a middle ground, wherein systems can be secured without helping
    | Cryptography News:     |
    * Zimmermann defends strong crypto against govt assault
    October 4th, 2001
    Strong cryptography does more good for society than harm and placing
    backdoors in encryption products to allow law enforcement access to plain
    text messages would be "worse than futile", encryption guru Phil
    Zimmermann told The Register today.
    * Security, biometrics research likely to get more attention
    October 2nd, 2001
    Government research on computer security and identification technologies
    will likely receive greater attention in the aftermath of the Sept. 11
    terror attacks against the United States, according to the chairman of the
    House Science Committee.
    * Encryption Debate Revived
    October 2nd, 2001
    Revived efforts to restrict software encryption in the wake of the recent
    terrorist attacks could have an adverse impact on e-commerce, IT managers
    and security experts say, but it's unlikely the government will succeed in
    curtailing encryption.
    * Three Minutes With Security Expert Bruce Schneier
    October 1st, 2001
    Bruce Schneier is founder and chief technology officer of Internet
    security firm Counterpane. He has written two books on cryptography and
    computer security, Secrets and Lies and Applied Cryptography, and is an
    outspoken critic of Microsoft and other software vendors that produce
    products that contain dangerous security holes.
    |Vendors/Tools/Products: |
    * Customers Proactive About Security Spending
    October 4th, 2001
    Growing concerns about cyberterrorism and the spread of computer viruses
    are causing more businesses to become proactive about security spending,
    solution providers believe.  Solutions involving firewall protection,
    intrusion detection, vulnerability assessment and anti-hacking technology
    are all moving to the forefront, as customers beef up their security
    |  General News:         |
    * Net users lose a secret-alias tool
    October 5th, 2001
    The company that pushed encryption and networking technology to the limits
    to enhance people's privacy said Thursday that it has decided to close its
    flagship anonymity network and focus on security software for home users.
    * comp.os.linux.security FAQ Updated
    October 4th, 2001
    Daniel Swan sent us a note indicating he's updated the c.o.l.s FAQ and
    it's indeed much improved! Would you like to contribute? Send us a note
    and share your experiences. The FAQ covers "Specifically, security as it
    pertains to the Linux operating system.
    * Carnivore substitute keeps Feds honest
    October 2nd, 2001
    The Forensics Explorers division of CTX is ready to go to market with a
    Carnivore-like suite called NetWitness which, the company says, can enable
    ISPs to surrender to the Feds only those specific bits of information
    about a suspect which a court has authorized for collection.
    * The Black Hat Briefings Amsterdam 2001
    October 2nd, 2001
    Every year leaders in the security field are brought together to this
    conference to discuss the latest threats, trends, products, and influences
    in the Internet and security environment. Don't miss it.  This year's
    topics include: Routing Protocol Attacks, Mobile Security: SMS and WAP,
    One-Way SQL Hacking, eBooks Security - Theory and Practice: Part II,
    Hackproofing Lotus Domino, Protecting your IP Network Infrastructure,
    RFP.Labs vs. Webservers: Finding Problems.
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
         To unsubscribe email newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Oct 09 2001 - 07:59:40 PDT